Patient Privacy: The Elephant in the Room

Albert Shar, managing principle at QERT and former Robert Wood Johnson Foundation vice president and senior program officer reflects on lessons learned from the RWJF-funded project, “Testing a system of establishing voluntary patient identification across multiple health care records to improve outcomes and reduce costs” (Shar is a guest blogger. His opinions are not necessarily those of the Robert Wood Johnson Foundation).

When it comes to improving patient safety, patient privacy is the elephant in the room.

Virtually every developed country except the United States has a method for identifying patients. Misidentification of patients is not only costly and inefficient—it’s also dangerous. According to data from the Institute of Medicine and the Joint Commission, in the U.S., nearly 60 percent of the 200,000 deaths per year caused by medical errors are cases of mistaken identity.

Not only do universal patient identification systems help reduce medical errors, but they also support better care coordination and prevent duplication of services. Why doesn’t the U.S. have such a system? A major reason has to do with concerns around patient privacy and confidentiality.

Although the Health Insurance Portability and Accountability Act (HIPAA) included a provision for universal patient identification, it was amended to not only remove that provision but also to forbid any government-funded research on universal identification until such time that patient confidentiality could be guaranteed.

A report released earlier this year by the Office of the National Coordinator for Health Information Technology (ONC) provides an environmental scan of the issues surrounding patient identification and matching, but does not propose a specific course of action.

As I see it, everyone agrees that patient privacy and confidentiality are paramount, but no one wants to go on record claiming to have the answer. According to one report, 29.3 million patient health records have been compromised in a HIPAA data breach since 2009. There is a lot of fear around this issue.

So we remain at an impasse, unable to make meaningful progress on a universal patient identification system and unwilling to address patient privacy issues in a meaningful way.

Testing a Voluntary Health Identification System

The Voluntary Universal Health Identification (VUHID) Demonstration Project represented an attempt to break this impasse. The basic concept was pretty simple: Instead of purporting to have a “fool-proof” system, what if you explained the risks and benefits of universal identification to patients and let them decide? A kind of informed consent, if you will, with the assurance of an instantaneous response in the event of a data breach.

In 2011, RWJF funded the Western Health Information Network (WHIN), a health information exchange based in Long Beach, CA, to test a voluntary system of implementing reliable patient identifiers with a firm called Global Patient Identifiers, Inc. (GPII), of Tucson, AZ. GPII had already developed a voluntary universal health ID system, following the ASTM Standard for a VUHID, which it believed was technologically capable of protecting patient privacy and confidentiality, and WHIN was eager to test it.

It seemed perfect.

But things did not go as planned. WHIN had hoped to enroll about 1,000 patients, but wound up with only a few hundred instead. In addition, not all the providers participating in the project had the technological capacity to fully implement universal patient ID. Two of the three project sites were not far enough along with their own electronic health record (EHR) systems to implement the VUHID as designed. Most significantly, and unrelated to the project, WHIN went bankrupt before the yearlong demonstration could be completed.

First, to our surprise, we discovered that patients were quite open to enrolling in a universal health ID system when the pros and cons were explained to them. Patient resistance was not an issue.

Second, the technology is here. We can do this.

So the two things we anticipated would be our biggest challenges were not.

The things we didn’t anticipate—such as lack of communication between the project partners—proved to be the greatest challenges. In a project like this, everyone needs to be on the same page.

The other major challenge was sustainability. We never gained a full understanding of the transaction costs involved in using the VUHID, and we didn’t figure out a way for the VUHID to generate revenue.

I thought that if we demonstrated that we could enroll patients and that the technology worked, we would convince the world that we had resolved the privacy and confidentiality issues around universal patient identification. The truth is that it’s more complicated than that.

I am now convinced that in order to move forward, we need a neutral, respected convener to bring together all the parties with an interest in universal patient identification, including government, insurers, patient advocates, and providers. We need to acknowledge issues of patient privacy and we need to have a conversation where all points of view are respected and that achieves a common vision.

This is not an easy conversation to have, because we’re all afraid of this elephant. Patient privacy and confidentiality are important, and they must be protected. But we will never tame the elephant as long as we keep trying to avoid it.

It is time to reach out and touch the elephant.

For additional details about what we learned from this grant, click here.

This commentary originally appeared on the RWJF Pioneering Ideas blog.